On Tue, Mar 27, 2012 at 03:17:06PM -0400, Simo Sorce wrote:
> This patch fixes #2504, the logic to choose the client principal to use
> was basically reversed, and we ended up using the wrong principal to
> verify the PAC owner.
> This patch fixes it. Tested and s4u2proxy keeps working both with and
> without a PAC attached.
> It also keeps working with normal TGS requests of course.
ACK, '--delegate' is not neede anymore.
> Simo Sorce * Red Hat, Inc * New York
Freeipa-devel mailing list